Create a New Policy (MDM)

Configuration

Assign the Policy Name and specify the settings for All Device Type and Supervised Device Only.
Wireless Network – Click Add Wireless Network and select from the list, then click OK. If there are no pre-defined wireless networks, click Add to create a new wireless network. Refer to .
Web Clips – Click Add Web Clips and select from the list, then click OK. If there are no pre-defined web clips, click Add to add web clips. Refer to .
Email Settings – Click Add Email Settings and select from the list, then click OK. If there are no pre-defined emails, click Add to add emails. Refer to .
Certificates – Click Add Certificates and select from the list, then click OK. If there are no pre-defined certificates, click Add to add certificates. Refer to .
Global HTTP Proxy – Select a proxy from drop-down list or Click Add Global HTTP Proxy and select from the list, then click OK. If there are no pre-defined proxies, click Add to add a proxy. Refer to .
Wallpapers – Select a wallpaper from drop-down list or Click Add Wallpaper and select from the list, then click OK. If there are no pre-defined wallpapers, click Add to add a wallpaper. Refer to .
Lock screen message – Specify the message to be displayed at the bottom of the lock screen up to a maximum of 36 characters.

Restrictions

Click Add to select restrictions from the category of restrictions and then click Save.

After restrictions have been selected, enable or disable the restrictions, or set up specific parameters through the Parameters column.

See to view the complete list of restrictions.

Passcode

Require a Passcode – Enable this option to enforce a passcode requirement on devices in the group.
Require alphanumeric value – Enable this option to require passcodes to contain at least one letter and one number.
Allow simple value – Enable this option to allow passcodes that include repeating, ascending, or descending character sequences (for example, ’3333’ or ’DEFG’).
Minimum length – Specify the minimum number of characters (between 4 to 16 characters) a passcode must contain.
Maximum Failed Unlock Attempts – Specify the number of failed login attempts (up to maximum of 50) before a device is wiped clean.
Auto-lock Time Limit – Specify how long the device can remain idle before locking itself.
Minimum Complex Characters – Specify the number of non-alphanumeric characters (symbols or punctuation marks such as $ and !) that the passcode must contain. Passcodes cannot have more than 4 complex characters.
Passcode Expiry Duration (in days) – Specify the maximum number of days (up to maximum of 365 days) the passcode may be used before the passcode must be changed.
Grace Period before Device Lock – Specify how soon the device can be unlocked again after use, without prompting again for the passcode.
Passcode History – Specify the number of new passcodes that must be used (up to maximum of 50) before an old password can be reused.

Kiosk Mode

Kiosk Mode enables IT admins to lock devices to run a single app or just a specific set of pre-approved apps. Once Kiosk Mode is enabled on the device, users will have access only to the specific app or set of apps, device settings, and functionalities allowed by the admin, with the rest restricted.

Enable Kiosk Mode (Single App Mode) – When enabled, this option restricts iOS device functionality to run a single application. Only for supervised devices.
Select app to run in Single App Mode – Select an app to run from the pre-defined list or, if you want to run an app in kiosk mode that is not found in the pre-defined list, select Specify Bundle Identifier and provide the Bundle ID in the field provided. Note that Bundle IDs are case sensitive. When selecting a single app, the selected app will be automatically installed on devices added to the group (if it is not already installed).
Always Enabled – Select which features should be always enabled (if any). Enabled features will be always be active/available and cannot be disabled.
- Touch – Allows devices to respond to input from the touchscreen.
- Motion (Screen Rotation) – Allows screen orientation to rotate according to the device orientation.
- Volume Buttons – Allows devices to respond to input from the volume buttons.
- Side Switch – Allows devices to respond to input from the side switch (only for certain models).
- Sleep/Wake Buttons – Allows devices to respond to sleep/wake commands generated by pressing the power button.
- Auto-Lock – Enables the device to automatically lock after a defined period of inactivity.
- Voice Over – Enables Voice Over mode, where the device automatically reads text on the screen out loud.
- Zoom – Enables zoom mode so users can touch to zoom in on the screen. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
- Invert Colors – Enables the option to invert the display colors so users with visual impairments can change the display screen. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
- Assistive Touch – Enables the Assistive Touch feature, which allows users to replace certain touchscreen actions (such as pinching or double-tapping) with a single touch. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
- Speak Selection – Allows the Speak Selection accessibility settings on devices. This feature reads text out loud that users select. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
- Mono Audio – Restricts audio output to mono audio.
Accessibility Shortcut – Select which accessibility shortcuts (if any) should be available when using the kiosk devices. If a shortcut is enabled, users will be able to turn the associated accessibility feature on and off according to their needs.
- Voice Over – Enable this option to permit users to toggle Voice Over mode.
- Zoom – Enable this option to permit users to toggle Zoom mode.
- Invert Colors – Enable this option to permit users to invert display colors.
- Assistive Touch – Enable this option to permit users to toggle Assistive Touch mode.

Geofencing

Geofencing enables IT admins to restrict the usage of devices to certain regions by creating geofences, or virtual fences, based on real-world geographical region. This feature allows admins to set up alerts, automatic actions, and tailor policies based on device movement and specified tags.

Track device location – Select this option to track the most recently reported location. This requires Faronics MDM App to be installed on the device and track device function enabled on the device.
Create locations by typing an address in the Search Address field and setting a radius around the location, then click Add.
Set a Fence Priority. The order of priority is listed in descending order. The higher the fence is in the list, the more priority it is given. In the event of any conflict resulting from overlapping geofences, the policy listed higher in the list will take priority. Policies with Policy Switching labels indicate policies that contain criteria for Switch Policy on Entry/Exit.
Time Delay – Specify the amount of time a device must spend outside of a geofenced area (up to a maximum of 180 minutes) before an action is triggered.
Email Alerts – Select to send an alert when Device Enters Fence or/and when Device Exits Fence.
Lock device when it exits fence – When enabled, this action will lock the device after exiting the fence after the time delay expires.
Full wipe device when it exits – When enabled, this action will wipe the device after exiting the fence after the time delay expires. Note that this action will delete all data from the device. Make sure that the geofence is correctly configured to avoid accidental data loss.
Switch Policy on entry/exit – Enable this option and configure the following options to be applied to the device upon entry to or exit from the fence:
- Apply this policy (Name of Policy) on geofence entry if device matches any tags – Enter a tag to apply.
- Assign this policy when device exits the fence – Select a policy from the list to be applied to the device, if the device has any of the following tags specified.
- Assign this policy when device exits the Fence – Select a policy from the list to be applied to the device, if the device has none of the above tags.

When the Switch Policy on Entry/Exit is enabled, these actions take precedence and will be applied on the device when the device exits the fence, even if the Lock Device when it Exits Fence and/or Full Wipe Device when it Exits are selected.

Web Filtering

Enable Web Filtering – Enable this option and select to allow or block websites. Specify the list of websites separated by a comma in the field provided.

Applications

Select an app and assign whether to automatically update or manually update the app.

After policies have been created, you can assign them to enrolled devices.

PreviousCreate a macOS Policy NextGlobal Settings (MDM)

Last updated 10 months ago

Configuration

Assign the Policy Name and specify the settings for All Device Type and Supervised Device Only.

Wireless Network – Click Add Wireless Network and select from the list, then click OK. If there are no pre-defined wireless networks, click Add to create a new wireless network. Refer to .

Web Clips – Click Add Web Clips and select from the list, then click OK. If there are no pre-defined web clips, click Add to add web clips. Refer to .

Email Settings – Click Add Email Settings and select from the list, then click OK. If there are no pre-defined emails, click Add to add emails. Refer to .

Certificates – Click Add Certificates and select from the list, then click OK. If there are no pre-defined certificates, click Add to add certificates. Refer to .

Global HTTP Proxy – Select a proxy from drop-down list or Click Add Global HTTP Proxy and select from the list, then click OK. If there are no pre-defined proxies, click Add to add a proxy. Refer to .

Wallpapers – Select a wallpaper from drop-down list or Click Add Wallpaper and select from the list, then click OK. If there are no pre-defined wallpapers, click Add to add a wallpaper. Refer to .

Lock screen message – Specify the message to be displayed at the bottom of the lock screen up to a maximum of 36 characters.

Passcode

Require a Passcode – Enable this option to enforce a passcode requirement on devices in the group.

Require alphanumeric value – Enable this option to require passcodes to contain at least one letter and one number.

Allow simple value – Enable this option to allow passcodes that include repeating, ascending, or descending character sequences (for example, ’3333’ or ’DEFG’).

Minimum length – Specify the minimum number of characters (between 4 to 16 characters) a passcode must contain.

Maximum Failed Unlock Attempts – Specify the number of failed login attempts (up to maximum of 50) before a device is wiped clean.

Auto-lock Time Limit – Specify how long the device can remain idle before locking itself.

Minimum Complex Characters – Specify the number of non-alphanumeric characters (symbols or punctuation marks such as $ and !) that the passcode must contain. Passcodes cannot have more than 4 complex characters.

Passcode Expiry Duration (in days) – Specify the maximum number of days (up to maximum of 365 days) the passcode may be used before the passcode must be changed.

Grace Period before Device Lock – Specify how soon the device can be unlocked again after use, without prompting again for the passcode.

Passcode History – Specify the number of new passcodes that must be used (up to maximum of 50) before an old password can be reused.

Kiosk Mode

Enable Kiosk Mode (Single App Mode) – When enabled, this option restricts iOS device functionality to run a single application. Only for supervised devices.

Select app to run in Single App Mode – Select an app to run from the pre-defined list or, if you want to run an app in kiosk mode that is not found in the pre-defined list, select Specify Bundle Identifier and provide the Bundle ID in the field provided. Note that Bundle IDs are case sensitive. When selecting a single app, the selected app will be automatically installed on devices added to the group (if it is not already installed).

Always Enabled – Select which features should be always enabled (if any). Enabled features will be always be active/available and cannot be disabled.

Touch – Allows devices to respond to input from the touchscreen.
Motion (Screen Rotation) – Allows screen orientation to rotate according to the device orientation.
Volume Buttons – Allows devices to respond to input from the volume buttons.
Side Switch – Allows devices to respond to input from the side switch (only for certain models).
Sleep/Wake Buttons – Allows devices to respond to sleep/wake commands generated by pressing the power button.
Auto-Lock – Enables the device to automatically lock after a defined period of inactivity.
Voice Over – Enables Voice Over mode, where the device automatically reads text on the screen out loud.
Zoom – Enables zoom mode so users can touch to zoom in on the screen. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
Invert Colors – Enables the option to invert the display colors so users with visual impairments can change the display screen. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
Assistive Touch – Enables the Assistive Touch feature, which allows users to replace certain touchscreen actions (such as pinching or double-tapping) with a single touch. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
Speak Selection – Allows the Speak Selection accessibility settings on devices. This feature reads text out loud that users select. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.
Mono Audio – Restricts audio output to mono audio.

Accessibility Shortcut – Select which accessibility shortcuts (if any) should be available when using the kiosk devices. If a shortcut is enabled, users will be able to turn the associated accessibility feature on and off according to their needs.

Voice Over – Enable this option to permit users to toggle Voice Over mode.
Zoom – Enable this option to permit users to toggle Zoom mode.
Invert Colors – Enable this option to permit users to invert display colors.
Assistive Touch – Enable this option to permit users to toggle Assistive Touch mode.

Geofencing

Track device location – Select this option to track the most recently reported location. This requires Faronics MDM App to be installed on the device and track device function enabled on the device.

Create locations by typing an address in the Search Address field and setting a radius around the location, then click Add.

Set a Fence Priority. The order of priority is listed in descending order. The higher the fence is in the list, the more priority it is given. In the event of any conflict resulting from overlapping geofences, the policy listed higher in the list will take priority. Policies with Policy Switching labels indicate policies that contain criteria for Switch Policy on Entry/Exit.

Time Delay – Specify the amount of time a device must spend outside of a geofenced area (up to a maximum of 180 minutes) before an action is triggered.

Email Alerts – Select to send an alert when Device Enters Fence or/and when Device Exits Fence.

Lock device when it exits fence – When enabled, this action will lock the device after exiting the fence after the time delay expires.

Full wipe device when it exits – When enabled, this action will wipe the device after exiting the fence after the time delay expires. Note that this action will delete all data from the device. Make sure that the geofence is correctly configured to avoid accidental data loss.

Switch Policy on entry/exit – Enable this option and configure the following options to be applied to the device upon entry to or exit from the fence:

Apply this policy (Name of Policy) on geofence entry if device matches any tags – Enter a tag to apply.
Assign this policy when device exits the fence – Select a policy from the list to be applied to the device, if the device has any of the following tags specified.
Assign this policy when device exits the Fence – Select a policy from the list to be applied to the device, if the device has none of the above tags.